NotificationsYou must be signed in to change notification settings
Fork338
Star288

Commit37e45e0

committed

feat(secrets): add new package for managing secrets

Signed-off-by: Henrique Spanoudis Matulis <hmatulis@google.com>

1 parent0df7b91 commit37e45e0Copy full SHA for 37e45e0

File tree

16 files changed

+2126

-1

lines changed

16 files changed

+2126

-1

lines changed

`‎go.mod‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ require (`
`10`	`10`	`github.com/julienschmidt/httprouterv1.3.0`
`11`	`11`	`github.com/munnerz/goautonegv0.0.0-20191010083416-a7dc8b61c822`
`12`	`12`	`github.com/mwitkow/go-conntrackv0.0.0-20190716064945-2f068394615f`
	`13`	`+github.com/prometheus/client_golangv1.20.4`
`13`	`14`	`github.com/prometheus/client_modelv0.6.2`
`14`	`15`	`github.com/stretchr/testifyv1.11.1`
`15`	`16`	`go.yaml.in/yaml/v2v2.4.2`
`@@ -25,7 +26,6 @@ require (`
`25`	`26`	`github.com/davecgh/go-spewv1.1.1// indirect`
`26`	`27`	`github.com/jpillora/backoffv1.0.0// indirect`
`27`	`28`	`github.com/pmezard/go-difflibv1.0.0// indirect`
`28`		`-github.com/prometheus/client_golangv1.20.4// indirect`
`29`	`29`	`github.com/prometheus/procfsv0.15.1// indirect`
`30`	`30`	`github.com/rogpeppe/go-internalv1.10.0// indirect`
`31`	`31`	`github.com/xhit/go-str2duration/v2v2.1.0// indirect`

`‎secrets/README.md‎`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,18 @@`
	`1`	`+#Secret Management`
	`2`	`+`
	`3`	+The`secrets` package provides a unified way to handle secrets within configuration files for Prometheus and its ecosystem components. It allows secrets to be specified inline, loaded from files, or fetched from other sources through a pluggable provider mechanism.
	`4`	`+`
	`5`	`+See the rendered[GoDoc here](https://pkg.go.dev/github.com/prometheus/common/secrets) if on GitHub.`
	`6`	`+`
	`7`	`+##How to Use`
	`8`	`+`
	`9`	+Using the`secrets` package involves three main steps: defining your configuration struct, initializing the secret manager, and accessing the secret values. Refer to the[package example GoDoc](https://pkg.go.dev/github.com/prometheus/common/secrets#example-package).
	`10`	`+`
	`11`	`+`
	`12`	`+##Built-in Providers`
	`13`	`+`
	`14`	+The`secrets` package comes with two built-in providers:`inline` and`file`. For more details, please refer to the[GoDoc](https://pkg.go.dev/github.com/prometheus/common/secrets#pkg-variables).
	`15`	`+`
	`16`	`+##Custom Providers`
	`17`	`+`
	`18`	+You can extend the functionality by creating your own custom secret providers. For a detailed guide on creating custom providers, please refer to the[GoDoc for the`Provider` and`ProviderConfig` interfaces](https://pkg.go.dev/github.com/prometheus/common/secrets#Provider).

`‎secrets/doc.go‎`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,18 @@`
	`1`	`+// Copyright 2025 The Prometheus Authors`
	`2`	`+// Licensed under the Apache License, Version 2.0 (the "License");`
	`3`	`+// you may not use this file except in compliance with the License.`
	`4`	`+// You may obtain a copy of the License at`
	`5`	`+//`
	`6`	`+// http://www.apache.org/licenses/LICENSE-2.0`
	`7`	`+//`
	`8`	`+// Unless required by applicable law or agreed to in writing, software`
	`9`	`+// distributed under the License is distributed on an "AS IS" BASIS,`
	`10`	`+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
	`11`	`+// See the License for the specific language governing permissions and`
	`12`	`+// limitations under the License.`
	`13`	`+`
	`14`	`+// Package secrets provides a unified way to handle secrets within`
	`15`	`+// configuration files for Prometheus and its ecosystem components. It allows`
	`16`	`+// secrets to be specified inline, loaded from files, or fetched from other`
	`17`	`+// sources through a pluggable provider mechanism.`
	`18`	`+package secrets`

`‎secrets/example_test.go‎`

Lines changed: 93 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,93 @@`
	`1`	`+// Copyright 2025 The Prometheus Authors`
	`2`	`+// Licensed under the Apache License, Version 2.0 (the "License");`
	`3`	`+// you may not use this file except in compliance with the License.`
	`4`	`+// You may obtain a copy of the License at`
	`5`	`+//`
	`6`	`+// http://www.apache.org/licenses/LICENSE-2.0`
	`7`	`+//`
	`8`	`+// Unless required by applicable law or agreed to in writing, software`
	`9`	`+// distributed under the License is distributed on an "AS IS" BASIS,`
	`10`	`+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
	`11`	`+// See the License for the specific language governing permissions and`
	`12`	`+// limitations under the License.`
	`13`	`+`
	`14`	`+package secrets_test`
	`15`	`+`
	`16`	`+import (`
	`17`	`+"context"`
	`18`	`+"fmt"`
	`19`	`+"log"`
	`20`	`+"os"`
	`21`	`+`
	`22`	`+"github.com/prometheus/client_golang/prometheus"`
	`23`	`+"github.com/prometheus/common/secrets"`
	`24`	`+"go.yaml.in/yaml/v2"`
	`25`	`+)`
	`26`	`+`
	`27`	`+funcExample() {`
	`28`	`+// A Prometheus registry is needed to register the secret manager's metrics.`
	`29`	`+promRegisterer:=prometheus.NewRegistry()`
	`30`	`+`
	`31`	`+// Create a temporary file for the password secret.`
	`32`	`+passwordFile,err:=os.CreateTemp("","password")`
	`33`	`+iferr!=nil {`
	`34`	`+log.Fatal(err)`
	`35`	`+}`
	`36`	`+deferos.Remove(passwordFile.Name())`
	`37`	`+`
	`38`	`+if_,err:=passwordFile.WriteString("my_super_secret_password");err!=nil {`
	`39`	`+log.Fatal(err)`
	`40`	`+}`
	`41`	`+passwordFile.Close()`
	`42`	`+`
	`43`	+// In your configuration struct, use the `secrets.Field` type for any fields
	`44`	`+// that should contain secrets.`
	`45`	`+typeMyConfigstruct {`
	`46`	+APIKey secrets.Field`yaml:"api_key"`
	`47`	+Password secrets.Field`yaml:"password"`
	`48`	`+}`
	`49`	`+`
	`50`	`+// Users can then provide secrets in their YAML configuration file.`
	`51`	+configData:= []byte(fmt.Sprintf(`
	`52`	`+api_key: "my_super_secret_api_key"`
	`53`	`+password:`
	`54`	`+ file:`
	`55`	`+ path: %s`
	`56`	+`,
	`57`	`+passwordFile.Name()))`
	`58`	`+`
	`59`	`+varcfgMyConfig`
	`60`	`+iferr:=yaml.Unmarshal(configData,&cfg);err!=nil {`
	`61`	`+log.Fatalf("Error unmarshaling config: %v",err)`
	`62`	`+}`
	`63`	`+`
	`64`	`+// Create a secret manager. This discovers and manages all Fields in cfg.`
	`65`	`+// The manager will handle refreshing secrets in the background.`
	`66`	`+manager,err:=secrets.NewManager(promRegisterer,secrets.Providers,&cfg)`
	`67`	`+iferr!=nil {`
	`68`	`+log.Fatalf("Error creating secret manager: %v",err)`
	`69`	`+}`
	`70`	`+// Start the manager's background refresh loop.`
	`71`	`+manager.Start(context.Background())`
	`72`	`+defermanager.Stop()`
	`73`	`+`
	`74`	`+// Wait for the secrets in cfg to be ready.`
	`75`	`+for {`
	`76`	`+ifready,err:=manager.SecretsReady(&cfg);err!=nil {`
	`77`	`+log.Fatalf("Error checking secret readiness: %v",err)`
	`78`	`+}elseifready {`
	`79`	`+break`
	`80`	`+}`
	`81`	`+}`
	`82`	`+`
	`83`	`+// Access the secret value when needed.`
	`84`	`+apiKey:=cfg.APIKey.Get()`
	`85`	`+password:=cfg.Password.Get()`
	`86`	`+`
	`87`	`+fmt.Printf("API Key: %s\n",apiKey)`
	`88`	`+fmt.Printf("Password: %s\n",password)`
	`89`	`+`
	`90`	`+// Output:`
	`91`	`+// API Key: my_super_secret_api_key`
	`92`	`+// Password: my_super_secret_password`
	`93`	`+}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit37e45e0

File tree

16 files changed

16 files changed

`‎go.mod‎`

`‎secrets/README.md‎`

`‎secrets/doc.go‎`

`‎secrets/example_test.go‎`

0 commit comments